Geek-Guy.com

54 search results for "security engineering"

Was ist Social Engineering?

Mit Social-Engineering-Techniken manipulieren Cyberkriminelle die menschliche Psyche. Lesen Sie, wie das funktioniert und wie Sie sich schützen können. Foto: sp3n – shutterstock.com Selbst wenn Sie bei der Absicherung Ihres Rechenzentrums, Ihrer Cloud-Implementierungen und der physischen Sicherheit Ihres Firmengebäudes alle Register ziehen – mit Hilfe von Social Engineering finden gewiefte Cyberkriminelle meistens einen Weg, diese Maßnahmen…

Enhancing Security with Advanced Threat Protection and Zero Trust Security

As technology continues to advance, so do the threats to our online security. Cybersecurity is a critical issue that affects individuals, businesses, and governments alike. In order to protect against the latest security exploits and advanced threats, it is essential to implement a comprehensive security strategy that includes elements such as zero trust security, authentication,…

What is ‘security theater’ and how can we move beyond it?

Conventional wisdom assumes that the more vulnerabilities a security tool flags, the easier it will be for a company to secure its infrastructure. In theory, layering more tools into a tech stack should equal more effective attack surface monitoring, right? Well, reality isn’t quite panning out like that.  If anything, tool sprawl has created an…

China-linked hackers target Japan’s national security and high-tech industries

Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China. The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security…

How CISOs can forge the best relationships for cybersecurity investment

When it comes to securing cybersecurity investments there are many things at play. The key often lies in the CISO’s ability to build relationships with key stakeholders across the organization. However, CISOs are being tasked with protecting their organizations while navigating budget constraints. Although nearly two-thirds of CISOs report budget increases, funding is only up…

US military allocated about $30 billion to spend on cybersecurity in 2025

The United States military will receive about $30 billion in cybersecurity funding in fiscal 2025 from $895.2 billion earmarked for US military activities under the National Defense Authorization Act (NDAA), an annual piece of must-pass legislation signed by President Joe Biden last month. The nearly 1,000-page bill’s budget doesn’t enable clear-cut or quick calculations of…

How eBPF is changing appsec | Impart Security

What happens when cutting-edge technology meets the reality of securing modern applications? That’s the question our expert panel tackled in this conversation on how eBPF is reshaping application security. Moderated by Katie Norton of IDC, the discussion featured Brian Joe (Impart Security), Francesco Cipollone (Phoenix Security), and Daniel Pacak (cloud-native security consultant), who brought insights…

The CSO guide to top security conferences

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead.…

Anomaly Detection for Cybersecurity

A long promising approach comes of age I won’t revisit the arguments for anomaly detection as a crucial piece of cybersecurity. We’ve seen waves of anomaly detection over the years — and CISA, DARPA, Gartner, and others have explained the value of anomaly detection. As rules-based detections show their age and attackers adopt AI to accelerate their innovation,…

Security-Awareness-Trainings – ein Ratgeber

Wenn Ihre erste Verteidigungslinie fällt, haben Cyberschurken leichtes Spiel. Leremy | shutterstock.com Security-Awareness-Schulungen sind für Unternehmen und Organisationen obligatorisch und sollten Teil jeder übergreifenden Cybersecurity-Strategie sein. Zumindest, wenn sämtliche Mitarbeiter möglichst gut über alle relevanten Sicherheitsrisiken aufgeklärt sein und bestmöglich zum Schutz unternehmenskritischer Assets beitragen sollen. Insofern zielen Security-Awareness-Trainings in erster Linie darauf ab, Cyberrisiken…

7 biggest cybersecurity stories of 2024

Cybersecurity headlines were plenty this year, with several breaches, attacks, and mishaps drawing worldwide attention. But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies. Longer-term trends such as increased cybersecurity regulations and the…

Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage

Data Security Predictions for 2025: Putting Protection and Resilience at Center Stage madhav Tue, 12/17/2024 – 05:10 Cybersecurity is a remarkably dynamic industry. New trends, technologies, and techniques reshape the landscape at an extraordinary pace, meaning keeping up can be challenging. Protecting data, the driving force of modern businesses, will continue to be the primary…

10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei

Lesen Sie, worauf es bei der Zusammenarbeit zwischen Ihrem IT-Security- und Engineering-Team ankommt. Foto: Lipik Stock Media – shutterstock.com Security-Teams bestehen in erster Linie aus Mitarbeitern, die für den Betrieb und die Einhaltung von Vorschriften und Richtlinien zuständig sind. IT-Sicherheitstechnik-Teams, neudeutsch Security-Engineering-Teams, hingegen sind Konstrukteure. Sie entwickeln Dienste, automatisieren Prozesse und optimieren Bereitstellungen, um das…

The 7 most in-demand cybersecurity skills today

Cybersecurity teams find themselves understaffed, overburdened, and rushing to keep up with a rapidly changing threat landscape, as cyberattackers continually devise new ways to attack organizations — and organizations accelerate their embrace of the latest technologies. As a result, security professionals must continually upskill themselves to ensure they keep pace with organizations’ latest skill demands.…

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

Overview Background This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), the United States Cybersecurity and Infrastructure Security Agency (CISA), the United States National Security Agency (NSA), the United States Federal Bureau of Investigation (FBI), the United Kingdom National Cyber Security Centre (NCSC-UK), the Canadian Centre for Cyber Security (CCCS),…

Sicherheitsmängel gefährden DNA-Sequenziergeräte

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco – Shutterstock.com Das DNA-Sequenziergerät iSeq 100 von Illumina  wird von medizinischen Laboren auf der ganzen Welt für…

CISOs embrace rise in prominence — with broader business authority

It’s a familiar refrain: As cybersecurity has become a core business priority, it is no longer a siloed operation, and the responsibilities of CISOs have grown, giving them greater prominence within the organization. According to CSO’s 2024 Security Priorities Study, 72% of security decision-makers say their role has grown to include additional responsibilities over the…

6 Risk-Assessment-Frameworks im Vergleich

Mit dem richtigen Framework lassen sich Risiken besser ergründen. FOTOGRIN – shutterstock.com Für viele Geschäftsprozesse ist Technologie inzwischen unverzichtbar. Deshalb zählt diese auch zu den wertvollsten Assets eines Unternehmens. Leider stellt sie gleichzeitig jedoch auch eines der größten Risiken dar – was Risk-Assessment-Frameworks auf den Plan ruft. IT-Risiken formal zu bewerten, ermöglicht es Organisationen, besser einzuschätzen,…

DNA sequencer vulnerabilities signal firmware issues across medical device industry

In highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts. The device, Illumina’s iSeq 100 compact DNA sequencer, is used…

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #319 – Specialities

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #319 – Specialities appeared first on Security Boulevard.

7 fundamentale Cloud-Bedrohungen

Dieser Artikel hilft, Unsicherheiten in Cloud-Umgebungen vorzubeugen. Foto: Roman Samborskyi | shutterstock.com Für jedes Unternehmen, das sich auf die Cloud verlässt, um Services bereitzustellen, steht Cybersicherheit ganz oben auf der Prioritätenliste. Allerdings stellen Anwender in der Regel schnell fest, dass das leichter gesagt als getan ist. Zumindest, wenn Daten und Unternehmens-Assets über die gesamte Online-Infrastruktur…

What Top Technologies IT Leaders Want From Solution Providers in 2025

Now that we’ve turned the page over to the new year, organizations will begin to set their sights on what technologies and services they should prioritize this year. Enterprises must deliver successful digital initiatives while navigating budget constraints. According to Gartner’s 2025 CIO Agenda, CIOs should aim to “grow the digital vanguard by making it…

SquareX Researchers Expose OAuth Attack on Chrome Extensions Days Before Major Breach

SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security. About a week ago, SquareX reported large-scale attacks targeting Chrome Extension developers aimed at taking over the Chrome Extension from the Chrome Store. On December 25th, 2024, a malicious version of Cyberhaven’s browser extension was published on the Chrome Store that…

CISSP Domains and Guidance

The ISC2 (International Information System Security Certification Consortium) has several certifications, each with its own domains of knowledge. To give you the most relevant information, I need to know which certification you’re interested in. However, since the CISSP (Certified Information Systems Security Professional) is one of their most popular certifications, we provide those domains as…

Glossary of Sec and IT Terms

A comprehensive glossary explaining common cybersecurity and IT terms in simple language. Generative AI can easily compile and define such terms, making complex topics accessible to a wider audience. Here is a comprehensive glossary of terms used in cybersecurity and IT: General Terms Network Security Malware Password Management Ransomware Security Measures Software Security Threat Intelligence…

The 2024 cyberwar playbook: Tricks used by nation-state actors

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless — they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros. “There was definitely a continued and noted uptick in nation-state…

4 Wege zu neuer Cyberabwehrstärke

Generative AI kann traditionellen Sicherheitsmaßnahmen neuen “Schwung” verleihen. Henri Studios | shutterstock.com Von Smartphones und Wearables über IoT-Geräte bis hin zu Cloud-Infrastrukturen – die Bandbreite und Komplexität unseres digitalen Ökosystems nimmt weiterhin in beispiellosem Tempo zu. Parallel wächst auch die Zahl der Schwachstellen und Backdoors, was sich in verheerenden Cyberattacken manifestiert. Nur drei Beispiele aus…

What Is Privilege Escalation? Types, Examples, and Prevention

Privilege escalation is a critical cybersecurity threat in which a user—usually a malicious actor—gains access to data beyond what their account permissions allow. Attackers can gain this access through human error, stolen credentials, or social engineering.  The post What Is Privilege Escalation? Types, Examples, and Prevention appeared first on Security Boulevard.

Cisco grabs SnapAttack for threat detection

Cisco is acquiring threat-detection startup SnapAttack for an undisclosed amount as it continues to expand its security portfolio. Established in 2001 by Booz Allen’s Dark Labs, SnapAttack is known for its threat detection and engineering technology, which melds threat intelligence, attack emulation, and behavioral analytics to help customers identify potential vulnerabilities and gaps in their networks,…

How to Lose a Fortune with Just One Bad Click

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to…

CISOs should stop freaking out about attackers getting a boost from LLMs

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI. Large language models (LLMs) have added a new dimension…

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #316 – Simplicity

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #316 – Simplicity appeared first on Security Boulevard.

Guarding against AI-powered threats requires a focus on cyber awareness

Threat actors will always find nefarious uses for new technologies, and AI is no exception. Attackers are primarily using AI to enhance the volume and velocity of their attacks. They’re also using the technology to make phishing communications more believable with perfect grammar and context-aware personalization. As cybercriminals harness new technologies to advance their operations,…

Arizona man arrested for alleged involvement in violent online terror networks

Baron Martin, a 20-year-old resident of Tucson, Arizona, was arrested Wednesday on charges of producing child sexual abuse material and cyberstalking. His arrest is connected to his involvement in online terror networks, specifically 764 and CVLT, which are known for violent extremist activities. Martin, also known under the alias “Convict,” is charged with significant involvement…

AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack

AMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed. Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium,…

She Joined Facebook to Fight Terror. Now She’s Convinced We Need to Fight Facebook.

For two years, Hannah Byrne was part of an invisible machine that determines what over 3 billion people around the world can say on the internet. From her perch within Meta’s Counterterrorism and Dangerous Organizations team, Byrne helped craft one of the most powerful and secretive censorship policies in internet history. Her work adhered to…

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio. A visual depiction of the attacks by the SMS phishing group known…

FBI: Spike in Hacked Police Emails, Fake Subpoenas

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies. In an alert (PDF) published this week, the FBI…

Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Summary The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors’ use…

Everything You Want to Know About Advanced Persistent Threats (APTs)

Advanced Persistent Threats (APTs) are among the most dangerous and complex cyberattacks. APTs are not your run-of-the-mill cyberattacks—they’re sophisticated, targeted, and designed to remain undetected for extended periods.  But what exactly are APTs, and how can you protect your business from them? What Are Advanced Persistent Threats (APTs)? An Advanced Persistent Threat (APT) is a…

How to Secure Banking Apps

Securing banking applications is crucial for banking institutions to protect financial data and maintain customer trust. Cybercriminals continuously evolve their tactics, making it essential for banks to stay ahead of potential threats. Here are some essential tips to boost the security of your banking applications. Understand the Threat Landscape Before diving into security measures, it’s…

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation (FBI) and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju: U.S. Cyber National Mission Force (CNMF) U.S. Cybersecurity and Infrastructure Security Agency…

WordPress Appliance - Powered by TurnKey Linux